Phishing net behaving strangely
MailScanner at ecs.soton.ac.uk
Fri Apr 8 16:51:52 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Denis Beauchemin wrote:
> Denis Beauchemin wrote:
>> I am testing the phishing net for the first time. I use MS 4.40.11
>> on a brand new machine. Language.conf contains:
>> PossibleFraudStart = <font color="red"><b>MailScanner
>> soupçonne le lien
>> PossibleFraudEnd = d'être une tentative de fraude de la part
>> Here is what I sent to test (I added some underscores to make sure my
>> message would not be trapped again):
>> <a href="http_:_//_132_._210_._0_._0/">bad tag</a><br>
>> Here is what I got:
>> <a href="http_:_//_132_._210_._0_._0/"><font
>> color="red"><b>MailScanner soupçonne le lien "22.214.171.124"
>> d'être une tentative de fraude de la part de</b></font> pas le
>> Which makes MS' message appear as a link. The message translates to:
>> MS believes the link "126.96.36.199" to be a phishing fraud attempt
>> from bad tag.
>> Is this normal behaviour?
> I just tried it again after changing MS' setup to English and the
> results are the same: MS' warning is inside the link... so I guess it
> is normal behaviour...
The idea is to leave the link active, but make the warning message part
of the link. So if it is a false alarm, they can still easily click on
the link. They have to be made aware that what they are doing is
potentially dangerous, but I don't (and shouldn't) actually stop them
being able to follow the link.
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner